Constructive cryptography – A new paradigm for security definitions and proofs

Ueli Maurer

Constructive cryptography, an application of abstract cryptography
proposed by Maurer and Renner, is a new paradigm for
defining the security of cryptographic schemes such as symmetric
encryption, message authentication codes, public-key encryption,
key-agreement protocols, and digital signature schemes, and for
proving the security of protocols making use of such schemes. Such
a cryptographic scheme can be seen (and defined) as constructing a
certain resource (e.g. a channel or key) with certain security
properties from another (weaker) such resource. For example, a
secure encryption scheme constructs a secure channel from an
authenticated channel and a secret key.

The term ``construct'', which is defined by the use of a simulator,
is composable in the sense that a protocol obtained by the
composition of several secure constructive steps is itself
secure. This is in contrast to both the traditional, game-based
security definitions for cryptographic schemes and the attack-based
security definitions used in formal-methods based security research,
which are generally not composable.

Constructive cryptography allows to take a new look at cryptography
and the design of cryptographic protocols. One can give explicit
meaning to various types of game-based security notions of
confidentiality, integrity, and malleability, one can design key
agreement, secure communication, certification, and other protocols
in a modular and composable manner, and one can separate the
understanding of what cryptography achieves from the technical
security definitions and proofs, which is useful for didactic
purposes and protocol design.